Re: [ntp:questions] different parameters for sntp between sles12 and sels11?

2015-11-24 Thread Brian Inglis

On 2015-11-23 02:47, Keshav B wrote:

> On SLES 12, I ran a '/usr/sbin/sntp -P no -r xx.xx.xx.xx' command to sync
> my system clock with the ntp server, it returned '/usr/sbin/sntp: illegal
> option -- P'.
> The version of sntp is Ver. 4.2.8p4
>
> While the same command works well on SLES11 (version of sntp is Ver. 4.2.6).
> Does anybody have any knowledge of how to resolve this in SLES 12?
>
> Please provide me the alternate way to use this -P option in SLES 12?


No such option in the new program - you were disabling prompting anyway.
New equivalent of old -r is -S - you can now also use -s and -M # to slew 
and/or step.

The old program was Nick McLaren's stand alone sntp, the new one uses NTP code.
Compare old http://doc.ntp.org/4.2.6p5/sntp.html and new 
https://www.eecis.udel.edu/~mills/ntp/html/sntp.html docs.

--
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada
___
questions mailing list
questions@lists.ntp.org
http://lists.ntp.org/listinfo/questions


[ntp:questions] different parameters for sntp between sles12 and sels11?

2015-11-24 Thread Keshav B
Hi Team,

On SLES 12, I ran a '/usr/sbin/sntp -P no -r xx.xx.xx.xx' command to sync
my system clock with the ntp server, it returned '/usr/sbin/sntp: illegal
option -- P'.
The version of sntp is Ver. 4.2.8p4

While the same command works well on SLES11 (version of sntp is Ver. 4.2.6).
Does anybody have any knowledge of how to resolve this in SLES 12?

Please provide me the alternate way to use this -P option in SLES 12?

Regards,
Keshav


Re: [ntp:questions] kod and limited

2015-11-24 Thread Marco Marongiu
On 24/11/15 10:44, Miroslav Lichvar wrote:
>> What option would you recommend?
> I think the recommendation is to not use the limited option at all.
> Some people reported that it may actually increase the amount of
> traffic, apparently there are broken clients that send a new request
> soon after missing a reply.
> 
> Also, there is a security issue that an attacker can prevent a client
> from getting replies by sending spoofed packets to the server. See the
> archive of the ntp-hackers list for more information.

Thanks Miroslav, very informative as always! I'll kill "kod" altogether.

Ciao
-- bronto



Re: [ntp:questions] kod and limited

2015-11-24 Thread Miroslav Lichvar
On Fri, Nov 20, 2015 at 04:40:24PM +0100, Marco Marongiu wrote:
> Now I have two options:
> 1. remove "kod" altogether
> 2. add "limited"
> 
> The defaults for discard seem sensible[3] and adding "limited" shouldn't
> result in problems. On the other hand, I am worried that (for example)
> local clients using burst/iburst or running ntpdate -q repeatedly for
> debugging purposes may be denied the service. Am I just worrying too much?
> 
> What option would you recommend?

I think the recommendation is to not use the limited option at all.
Some people reported that it may actually increase the amount of
traffic, apparently there are broken clients that send a new request
soon after missing a reply.

Also, there is a security issue that an attacker can prevent a client
from getting replies by sending spoofed packets to the server. See the
archive of the ntp-hackers list for more information.

-- 
Miroslav Lichvar
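
An added example, not part of either post and not code from the NTP project: a small Python audit of ntp.conf "restrict" lines for the two flags discussed in this thread. The sample configuration is constructed, and the check assumes, as the two options in the question imply, that "kod" acts only together with "limited".

```python
# Added example: flag "kod" and "limited" on ntp.conf restrict lines.
# Assumption: "kod" only has an effect when "limited" is also set.

SAMPLE_CONF = """\
# constructed sample, not taken from the thread
driftfile /var/lib/ntp/drift
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod limited nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict 192.0.2.0 mask 255.255.255.0 nomodify notrap   # limited removed
server 0.pool.example iburst
"""

ADVICE = {
    # Reasons given in the reply above for avoiding "limited".
    "limited": "rate limiting enabled: may increase traffic from broken "
               "clients, and spoofed packets can cost a client its replies",
    # Assumption stated in the lead-in.
    "kod-only": "kod without limited: assumed to have no effect, remove it",
}


def audit_restrict(conf_text):
    """Return [(line_no, target, finding, advice)] for restrict lines."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # Drop trailing comments so words inside them are not read as flags.
        words = raw.split("#", 1)[0].split()
        if len(words) < 2 or words[0] != "restrict":
            continue
        args = words[1:]
        # The target is the first argument that is not an address-family switch.
        target = next((w for w in args if w not in ("-4", "-6")), "?")
        if "limited" in args:
            finding = "limited"
        elif "kod" in args:
            finding = "kod-only"
        else:
            continue
        findings.append((lineno, target, finding, ADVICE[finding]))
    return findings


if __name__ == "__main__":
    for lineno, target, finding, advice in audit_restrict(SAMPLE_CONF):
        print(f"line {lineno}: restrict {target}: {advice}")
```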